[Trisell]

I’ve noticed that Cyber Security at a lot of companies are still stuck in the sys admin days of yore. They continue to hold on the antiquated tooling that doesn’t scale or actually detect most issues. And the idea of learning or expanding into security automation beyond their toolset is frowned upon by a not significant number of member of the community doing the day to day work. This creates an atmosphere where they SecOps teams can’t articulate the positives they are bringing to the organization. And thus the market doesn’t pay them their worth.

Compare this to DevOps where the sale has been done well and the business is convinced that these highly paid automation engineers will help the business to improve and speed up software delivery providing more income to the company.

Until security is able to properly articulate how they are helping and improving the business, not just getting in everybody’s way. The field is going to struggle to raise salaries to comparable levels as these other disciplines.